\ 

u 




Europaisches 
Patentamt 



European 
Patent Office 



Office europeen 
des brevets 




Bescheinigung Certificate 



Attestation 



Die angehefteten Unter la- 
gen stimmen mit der 
ursprOnglich eingereichten 
Fassung der auf dem nach- 
sten Blatt bezeichneten 
europaischen Patentanmel- 
dung Qberein. 



The attached documents 
are exact copies of the 
European patent application 
described on the following 
page, as originally filed. 



Les documents fixes a 
cette attestation sont 
conformes a la version 
initialement deposee de 
ia demande de brevet 
europeen specif! ee a la 
page suivante. 



Patentanmeidung Nr. Patent application No. Demande de brevet n° 

03104643.6 



PRIORITY 
j DOCUMENT 

| SUBMITTED OR TRANSMITTED IN 

j COMPLIANCE WITH RULE 1 7. 1 (a) OR (b) 



Der President des Europaischen Patentamts; 
Im Auftrag 

For the President of the European Patent Office 

Le President de I'Office europeen des brevets 
p.o. 




R C van Dfijk 



BEST AVAILABLE COPY 



Europaisches 
Patentamt 



European 
Patent Office 



Office europeen 
des brevets 



Anmeldung Nr: 

Application no.: 03104643.6 
Demande no: 



Anmeldetag: 

Date of filing: 11. 12.03 
Date de depot: 



Anmel der/Appl 1 can t( s)/Demandeur( s) : 

Koninklijke Philips Electronics N.V. 
Groenewouds eweg 1 
5621 BA Eindhoven 
PAYS-BAS 



Bezel chnung der Erf 1ndung/Tl tie of the 1nvent1on/Tl tre de l'1nvent1on: 
(Falls die Bezel chnung der Erflndung nlcht angegeben 1st, slehe Beschrel bung. 
If no title 1s shown please refer to the description. 
S1 aucun tltre n'est Indlque" se referer a la description.) 

Secure signal processing 

In Anspruch genommene Priori at( en) / Priori ty(1es) claimed /Priori te"( s) 
revend1qu£e( s) 

Staat/Tag/Aktenze1chen/State/Date/Flle no./Pays/Date/Nume>o de depot: 



Internationale Patentklassl f 1 katlon/Internatlonal Patent Classification/ 
Classification Internationale des brevets: 

G06F1/00 

Am Anmeldetag benannte Vertragstaaten/Contractlng states designated at date of 
flHng/Etats contractants designees lors du depot: 

AT BE BG CH GY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL 
PT R0 SE SI SK TR LI 



03104643.6 2 
EPA/EP0/0EB Form 1014.2 - 01.2000 7001014 



PHNL03 1443EPP 
Secure signal processing 



1 



11,12.2003 



FIELD OF THE INVENTION 

The invention relates to a method of providing a cascaded signal processing 
function to an execution device in a secure and/or personalized way. The invention also 
relates to a system for providing a cascaded signal processing function to an execution device 
5 in a secure and/or personalized way. The invention further relates to an execution device for 
executing a cascaded signal processing function provided in a secure and/or personalized 
way. 



BACKGROUND OF THE INVENTION 

10 The Internet provides users with convenient and ubiquitous access to digital 

content. Because of the potential of the Internet as a powerful distribution channel, many CE 
products strive to interoperate with the PC platform — the predominant portal to the Internet 
The use of the Internet as a distribution medium for copyrighted content creates the 
compelling challenge to secure the interests of the content provider. In particular it is 

15 required to warrant the copyrights and business models of the content providers. Control of 
the playback software is one way to enforce the interests of the content owner including the 
terms and conditions under which the content may be used. In particular for the PC platform, 
the user must be assumed to ha\e complete control to the hardware and software that 
provides access to the content and unlimited amount of time and resources to attack and 

20 bypass any content protection mechanisms. As a consequence, content providers must deliver 
content to legitimate users across a hostile network to a community where not all users can be 
trusted. The general approach in digital rights management for protected content distributed 
to PCs is to encrypt the digital content (for instance using DES) and to store the decryption 
key (or the "license") in a so-called License database on the PC's hard disk. Digital content 

25 on the PC is typically rendered using media players, such as Microsoft's Media Player, 
Real's RealOne Player, Apple's QuickTime player. Such players can load for a specific 
content format a respective plug- in for performing the format- specific decoding. Those 
content formats may include AVI, DV, Motion JPEG, MPEG-1, MPEG-2, MPEG-4, WMV, 
Audio CD, MP3, WMA, WAV, AIFF/AIFC, AU, etc. The player and plug- in structure is 
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illustrated in Fig. 1, where a media player 100 includes a core player 100 and several format- 
specific plug- ins (shown are plug- ins 120, 122 and 124). The core player 100 may, for 
example, provide the user interface for controlling the player. Each plug- in includes a 
respective decoder. It may send the decoded content directly to rendering HW/SW, such as a 
5 sound-card, or pass it on to the core player 100 for further processing. For secure rendering, a 
secure plug- in is used that not only decodes the content in the specific format but also 
decrypts the content This is illustrated in Fig.2, where the encrypted content is first fed 
through a decryptor 230 and next the decrypted content is fed through the format- specific 
decoder 220. The decryptor 230 may receive a decryption key/license from a license database 
10 210. 

The largest vulnerability of digital rights management relying on encryption is 
the key distribution and handling. For playback, a software player has to retrieve a decryption 
key from the license database, it then has to store this decryption key somewhere in memory 
for the decryption of the encrypted content This leaves an attacker two options for an attack 

15 of the key handling in a software player firstly, reverse engineering of the license database 
access function could result in a black box software (i.e., the attacker does not have to 
understand the internal workings of the software function) capable of retrieving asset keys 
from all license databases. Secondly, by observation of the accesses to memory used during 
content decryption it is possible to retrieve the asset key. 

20 Typically digital rights management systems use an encryption technique 

based on block ciphers that process the data stream in blocks using a sequence of 

ft* 

encryption/decryption steps, referred to as rounds. The output of i-1 round is the input of the 
i th round. Thus, for a system with N rounds the algorithm can be described as a function 
cascade f N o - . • o f^x) , where function /. represents the functionality of round i . Most block 
25 algorithms are Feistel networks. In such networks, the input data block x of even length n is 

divided in two halves of length — , usually referred to as L and R So, the input x fed to the 

2 

first round is given as x = (Lq,R 0 ) . The / th round (i>0) performs the function f { , where f t is 
defined as 

30 Ki is a subkey used in the f h round and F is an arbitrary round function. 
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SUMMARY OF THE INVENTION 

It is an object of the invention to provide a better protection of cascaded signal 
processing functions such as Feistel networks. 

To meet the object of the invention, a method of providing a digital signal 
5 processing function / to an executing device in an obfuscated form, where the function 

/ includes a function cascade including a plurality of signal processing functions /, , 

1 <i i < N , for processing a digital signal input x to yield a digital signal output (for 
example, FQ ( x) = f N o . • • o f x (#) ) , includes: 

selecting a set of 2N invertible permutations p l9 l<i< 2N ; 
10 calculating a set of N functions g i , where g t is functionally equivalent to 

calculating a set of N —1 functions h { , where ^ is functionally equivalent to 

Pv\°P2i-2> f ™ 2<i<N; 

equipping the executing device with an execution device function cascade that 
15 includes y N 0 h N oy N _ L oh N ^ i o. m .oy i7 where y i9 .^ 9 y N arefunction 

parameters (for example, ED i (y x y N ) = y N °h N ° y^ o h N ^ o . . . o y t ) , 

providing the functions g i9 ..* 9 g N to the executing device; and 
in the executing device, applying the execution device function cascade to the 
functions g i9 ~.,g N (for example, ED^^.^g^)) . 

20 According to the invention the constituent functions f ( are provided in an 

encapsulated form as g t , where g t is functionally equivalent to p£ o f ( o p 2i _^ , for 1 < j < N . 

The functions p t used for the encapsulation are also hidden by being supplied in the form of 

hi which is a multiplied version of ° p 2i - 2 > for 2 < i < N . By executing the functions g l 
and hi in the execution device in an interleaved manner (as for example is illustrated in Fig.4) 
25 the functionality of the function cascade is achieved without f { being directly recognizable. 

In particular, if /, represents a round function of a Feistel cipher, the round key that is 
embedded in the round function is not directly recognizable. The obfuscated delivery of f i 
increases security. The execution function device cascade may form the core functionality of 
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a media player, where the set g l9 ..-,g N enables the player to execute a function cascade 

containing /i up to and including f N . 

The dependent claims 2 and 3 show two respective alternative embodiments 
for protecting the (functional) beginning of the function cascade. In the embodiment of claim 

5 2, the execution device function cascade starts with p^ x , for example 

ED 2 (y x ,... y y N ) = y N °h N oy N ^oh N _ l o.^^op* 1 , Applying this to g l9 ...,g N , gives as a 

functional start of the function sequence executed in the device: 

-' 0 g2 oh 2°gi 0 Pi l = '-°P3 l °i °Pi °P?°f °Pl ^Pi l = -'0 P ; l of 2 of l9 mMs\vayihe 
execution device explicitly executes f x . In the embodiment of claim 3, security is increased 
10 by extending the function cascade with a starting function f 0 that aids in hiding p~ l . The 
function cascade may, for example, be FC 2 (x) = f N o • • • o f x o f 0 (x) . The execution device 
function cascade starts with a function S x , for 

example J?Z) 3 (y l ,...,y^) = y w o^oy^ 1 o/^_ 1 o...oy 1 o5 1 ^here*^ is functionally equivalent 
to pf 1 o f 0 . Since S l only represents p± l in a form multiplied with f 0 , p~ l can not be 

15 retrieved from the execution device in a direct way such as reading certain memory locations. 
Preferably, f 0 is a global secret 

The dependent claims 4 and 5 show two respective alternative embodiments 
for protecting the (functionally) ending of the function cascade in a manner analogous to 
claims 2 and 3 

20 According to the measure of the dependent claim 6, the chosen sequence of 

permutations p { is unique for the device. In this way, the function cascade is supplied to the 

execution device not only in an obfuscated form but also in a personalized form. For 
example, if the function cascade represents a Feistel cipher with embedded decryption key, 
cryptanalytic or brute force attacks may result in obtaining the black box functionality of 

25 gi,-->g N - This broken functionality would then only work in combination with the 

corresponding execution device function cascade and not with any other execution device. 

This significantly limits the impact of a successful attack. 

According to the measure of the dependent claim 7, the execution device 

function cascade is embedded in a program, for example in the form of a media player or a 
30 plug- in for a media player. The execution device is thus provided with secure, personalized 

software. 
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According to the measure of the dependent claim 8, the functions 
8 1 >• • •» £ a, form a plug- in for the program. If the program itself is a plug- in, then the functions 

Sh m ^ effect a plug- in for the plug- in. As an alternative, according to the measure 
of the dependent claim 9, the functions g i9 ..-,g N may be embedded in the same program as 

5 the execution device function cascade. 

To meet an object of the invention, a computer program product operative to 
cause a processor in an execution device to execute a digital signal processing function / 

including a function cascade including a plurality of signal processing functions f t , where 

1 < j ^ N , for processing a digital signal input x to yield a digital signal output (for 
10 example, FQ (x) = f N o - • • o f v ( x ) ), by: 

loading an execution device function cascade that 
includes y N °h N o y N ^ o L o . . . o y t , where y l9 *..,y N are function parameters, 

loading a set of functions g l9 . .., g N ; 

applying the execution device function cascade to the set of functions 
15 g l9 .-.,g N ; where: 

g i is functionally equivalent to p£ ° f t ° p zi ^ , for \<i<N \ 
h t is functionally equivalent to ° p^-2 f° r 2<i<> N ; and 
Pi is an invertible permutatio n, for 1 < i < 2N . 

To meet an object of the invention, a method of providing a digital signal 
20 processing function / to a plurality of executing devices, each identified by a unique index 

j , in an obfuscated, anonymous form; the function / including a function cascade including 
a plurality of signal processing functions f i , where 1 < i < N , for processing a digital signal 
input x to yield a digital signal output ( for example, FC Y (x) = f N o • ■ - o f x (x) ), includes: 

selecting a set of 2N invertible permutations p x , where 1 < i < 2N ; 
25 calculating a set of N functions g t , where g t is functionally equivalent to 

selecting for each device j a corresponding set and/or sequence of 

2 N invertible permutations p j S , that is unique for the device and/or a user of the device; 
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calculating for each executing device j a corresponding set of N — 1 

functions h jX , where h jS is functionally equivalent to p]\ t ^ ° Pj&-2 for 2 <*i<N; 

equipping each executing device j with a respective execution device function 

cascade EDj (y l9 ... 9 y N ) that includes y N °h j N o y N ^ o h jtN _ x o . . . o y x ; 
5 equipping each executing device j with a respective loader function 

loader yOq = (/ jVL o^or^,...,;.^ ° ° ^) > where l j4 is functionally equivalent to 

Pj& ° Ai r y f is functionally equivalent to p 2i ^ 1 ° P/, 2 m » 

providing to the executing device the functions g V9 .** 9 g N ; and 
in the executing device, executing EDj {loader j ( ft . . , g N )) . 

10 The functions f t are obfuscated in the form of the functions g x ,... 9 g N in the 

same way as described for claim 1. The functions g l9 ...,g N are the same for each device and 

can be seen as corresponding to one default/anonymous device. The execution devices are 
equipped with a device specific ("personalized") execution device cascade. A device specific 
loader function is used to convert the respective anonymous functions g t to corresponding 

15 device specific functions that can be fed to the execution device cascade. The loader function 
uses conversion functions l J4 and r j t that are based on a set/sequence of permutations p j4 

that are not revealed. 

According to the measure of the dependent claim 12, the functions g t can be 

supplied to all devices in a same way, for example, using broadcasting or on a storage 
20 medium, such as a CD- ROM or DVD. 

These and other aspects of the invention are apparent from and will be 
elucidated with reference to the embodiments described hereinafter. 

BRIEF DESCRIPTION OF THE DRAWINGS 
25 In the drawings: 

Fig. 1 shows a block diagram of a prior art plug- in based decoding; 

Fig.2 shows a block diagram of a prior art based decryption; 

Fig. 3 shows a block diagram of a prior art integrated decryption/decoding 

system; 

30 Fig.4 shows the obfuscating according to the invention; 

Fig.5 shows a simple example of obfuscation; 
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Fig.6 shows a block diagram of a system according to the invention; 
Fig.7 shows a further embodiment of a system according to the invention; 
Fig.8 illustrates anonymous obfuscation according to the invention; and 
Fig.9 illustrates an alternative embodiment for anonymous obfuscation. 

5 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 

Fig.3 shows a block diagram of prior art system in which the invention may be 
employed. In the example of Fig.3 content (typically Audio and/or video content) is 
distributed on a medium 310. The medium may be the same for each player. The medium 

10 may be of any suitable type, e.g. audio CD, DVD, solid state, etc. The content on the medium 
is copy protected, preferably by being encrypted under using an encryption algorithm, such 
as a Feistel cipher. The storage medium may include information relating the decryption key. 
Alternatively, the storage medium may include information 312 (such as an identifier) that 
enables the player to retrieve the information, for example by downloading it from a server in 

15 the Internet. The decryption key is created in a secure module 320 by using a key-specific 

key 322 and the information 312 to calculate 324 the decryption key 326. The decryption key 
is the received 332 in a second module 330. The second module 330 decrypts 334, decodes 
336 and renders 338 the content 314 of the medium 310. 

Fig.4 illustrates the method according to the invention. A digital signal 

20 processing function / is provided to an executing device in an obfuscated form. The function/ 

includes a function cascade including a plurality of signal processing functions/-, l<i<N. 
For example the core of the function cascade may be formed by FC L (x) a f N o • • - o f x (jc) . It 

should be noted that here the conventional mathematical notation is used: 

g°f(x)=g (/(*))• In principle, the function cascade may be any digital signal processing 

25 function. In a preferred embodiment, the function cascade includes a cipher. For example, the 
function /i may represent the I th round (i>0) of a Feistel cipher. In such a case,/ is defined as: 

/ (Z^ ) = 2?U e (Ih ®F(R i ^K i )) , 

where Ki is a subkey used in the z th round and F is an arbitrary round function. 

According to the invention, a set of 2N invertible permutations pu 1 = i = 2N 
30 is selected. Next, a set of N functions g t is calculated, where g t is functionally equivalent to 

Pv°fi°P2H.>f° T l£i£N.Jn this context with functionally equivalent is meant that if g t is 
applied to a same input (e.g. x) the same outcome is achieved as when p~f o/^p^is 
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applied to that input, for each allowed value of the input. The composite functions p£ , f, , 
and /? 2W are not separately visible, g,. provides the black box functionality of p^} o/ ( op 2H . 
Fig. 5 illustrates this approach for very simple one- dimensional functions. In this example, 

p 4 (x)=yfx;p; l (x)=x 2 ;p 3 (x) =^-;p?(x)= 3x; = 3. Thus 

g 2 (*) = P? °f 2 • P3 (*) = p? o f 2 (p 3 (x)) =/>; 1 o / 2 (|) = P ;\^+ 3) =(| +3) 2 . It is well- 

known from the field of computer compiler building how the black box functionality of 

Ptj ° fi° P2M can ^ e achieved using so-called partial evaluation. Chapter 1 "Partial 

Evaluation and Automatic Program Generation" by N.D. Jones, C.K. Gomard, and P. Sestoft 
describes the concept of partial evaluation. This will not be described in more detail here. It 
will be appreciated that the digital signal input x is a mulfr dimensional parameter, for 
example of 64 or 128 bit block/vector, to be able to perform a useful permutation. According 
to the inventio n, a set of N- 1 functions is calculated, where h t is functionally equivalent to 

Pa* ° Pv-2 » f° r 2<i<N . Using the simple example of Fig.5, 

h 2 (x) = o Pl (jc) = 3 • p 2 (x); (jc) = Ps l ° p 4 (x) = p^ 1 (>/*) . Using these definitions, part of 
the execution device cascade that hides f 2 would be: 

-th °g2°fh =~< P ;\yfc)) °(f +3) 2 = (p;\&»*i 3 * p * M +3) 2 

= (p;\Jx)) o (/? 2 (x) +3) 2 = p; 1 (^(p 2 (x) + 3f) = /75 1 (/; 2 (x) + 3) . It can be observed 

that this is indeed functionally equivalent to P 5 ° f 2 ° P 2 ( x ) • Thus, the executing device 

that has executed this cascade has executed jf 2 without having explicit knowledge of f 2 • 

In a further example, i\T=2, and /i and f 2 are each evaluated to a respective 

mapping table given by: 

fi:{ 0 -> 3, 1 -> 1, 2 -> 6, 3 -> 2, 4 -> 7, 5 -> 5, 6 -> 4, 7 -> 0, 8 -> 8 }, 
f 2 : { 0 -> 4, 1 -> 1, 2 -> 5, 3 -> 7, 4 -> 6, 5 -> 2, 6 -> 0, 7 -> 8, 8 -> 3 } . 

In this example, /i is an invertible function that converts a number between 0 and 8 to a 

number between 0 and 8, e.g. value 0 is converted to value 3, value 1 to 1, value 2 to 6, etc. 

The following four respective permutations are used in this example: 

pi: { 0 -> 5, 1 -> 3, 2 -> 1, 3 -> 7, 4 -> 0, 5 -> 6, 6 -> 2, 7 -> 8, 8 -> 4 } 
PX { 0 -> 8, 1 -> 6, 2 -> 7, 3 -> 3, 4->4, 5 -> 2, 6 -> 0, 7 -> 1, 8 -> 5 } 
P3i { 0->3, 1 ->5,2->7,3-> l,4->6,5->0,6~> 2,7->8, 8->4 } 
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p 4 : { 0 -> 3, 1 -> 0, 2 -> 5, 3 -> 2, 4-> 7, 5 -> 8, 6-> 1, 7-> 4, 8 -> 6 } 
For this example the following three inverse permutations are used: 

p?: { 0-> 6, l->7,2->5,3-> 3,4->4,5-> 8, 6 -> 1, 7->2, 8-> 0 } 
p; 1 : { 0->5, l->3,2-> 6,3->0,4-> 8, 5 -> 1, 6 ->4, 7->2, 8 -> 7 } 
5 p?: { 0-> 1, l->6,2->3,3->0,4~>7,5~>2,6->8,7->4,8->5 } 

Giving these functions, /^CO = p^ 1 ° /* 2 00 * s ft^ 11 given as: 

h 2 : { 0 -> 7, 1 ~> 4, 2 -> 2, 3 -> 0, 4 -> 8, 5 -> 6, 6 -> 5, 7 -> 3, 8 ~> 1 } . 
For example, p 2 maps 0 to 8 and p^ 1 maps 8 to 7. Thus, /? 2 (0) = pj 1 © p 2 (0) = 7 . 

Similarly, (x) = pj l °f\°P\ 00 * s given by: 
10 gi: { 0 -> 8, 1 -> 5, 2 -> 7, 3 -> 6, 4 -> 3, 5 -> 4, 6 -> 1, 7 -> 0, 8 -> 2 } 

and g 2 (x) = p; l of 2 QPi (*) is given by: 

g2 : { o -> 4, 1 -> 3, 2 -> 5, 3 -> 6, 4 -> 1, 5 -> 7, 6 -> 2, 7 -> 0, 8 -> 8 } 
The executing device is equipped with the execution device function cascade 
that includes y N °h N °y N ^<>h N _ x o.„ oy XJ where y i9 .^ 9 y N are function parameters. This is 

15 shown in Fig.4 as a sequence of functions h NJ h N _ X9 *..> 410. An exemplary execution 
device function cascade is ED l (y i ^^,y N ) = y N °h N o y N _ x o h N _± o...oy r Furthermore, the 
functions g l9 —,g N are provided to the executing device. This is shown in Fig.4 as a 
sequence of functions g N , g N ^ 9 *^ - 9 gi 420. In the executing device, the execution device 
function cascade is applied to the functions g X9 ... 9 g N - This gives, for example, the total 

20 signal processing function ED X ( g x ,. . . , g N ) in the executing device. This function can then be 
applied to the digital signal input x. 

Taking a look at a middle part of the chain like h t+x o g. ofy, this gives: 

h*°8 i °h i = Pu+i ° P a ° A? 1 ° fi ° Pn-i ° PlU ° Px-2 = Pzm ° f$ ° Pu-2 • The first and least term 
of this expression will be eliminated by the respective g terms. The total outcome is that the 
25 executing device executes a function that includes the function cascade f N ° — o f x (x) without 

having access to any of the functions/-. These functions are thus obfuscated. 

In preferred embodiments, options are given for dealing with the beginning 
and ending of the chain. Without any further measures, the resulting total signal processing 
function in the executing device may be ED x (g X9 „. 9 g#) = R l ^ t °f N ° mmm0 fi(x)° p x * For 
30 example, the term pi can be eliminated by using an execution device function cascade that 



PHNL03 1443EPP 



10 11.12.2003 

includes y N °h N o y N ^ o h N _ x Q -..°y x ° A*- For 

example, ^(y^..,?*)^ y*^^ Pi" 1 is kept 

secure in the executing device. A preferred way of doing this is to extend the function 
cascade with a further signal processing function f 0 , 
5 (for example, FC 2 (x) = f N o-.-o^ o f 0 (x)). The execution device function cascade then 

includes y N °h N o y N ^ o h N _ x .<> y x °S X , for example 

(ED 3 (y v „. 9 y N ) = y N °K° y N -i°K-± °— ° 3\ ° S i ) > where S x is functionally equivalent 
to p x l o f 0 m In this way the individual terms p x x and fo need not be revealed, but only the 
multiplicated form p x 1 o / 0 exists. Preferably, /o is a global secret, i.e. known to the parties 

10 that need to known it but not distributed any further. Global secrets in itself are known and 
ways of communicating global secretes in a secure way are also known and will not be 

discussed here any further. 

In a corresponding way, measures can be taken for dealing with the term 

Pw-i • For example, the execution device function cascade may include 
15 P 2N °y N Q h N oy N _ l oh N _±°.„oy l (e.g J ED 4 iy^.. 9 y N )^p 2N oy N oh N oy p/ _ l oh l ,_ i o.. m oy i yTo 

better protect p2N > the function cascade may end with a further signal processing function 
/yv+i , (for example, FC 3 (x) e f N+l o f N o . . . o f x (*) ). The execution device function cascade 

tben includes S 2 °y N oh N oy N _ :L o}i N _ 1 °.„<>y x 

(e.g., ED 5 (y x „ . . , y N ) b S 2 o y N o h N o y N ^ o h N _ x o . . . o y x ) , where S 2 is functionally equivalent 
20 tof NH op 2N . 

Fig. 6 illustrates a system in which the invention may be employed. The system 
600 includes a server 610 and at least one executing device 620. The server may be 
implemented on a conventional computer platform, for example on a platform used as a 
server, such as a web server, or file server. The server includes a processor 612. The 
25 processor 612 is operated under control of a program. The program may be permanently 
embedded in the processor in an embedded storage, like embedded ROM, but may also be 
loaded from a background storage, such as a hard disk (not shown). Under control of the 
program, the processor 612: 

• selects the set of 2N invertible permutations p n l<i< 2N ; 
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• calculates the set of N functions g t , where g i is functionally equivalent to 
P2i°fi°P2i-i^OT l</<AT;and 

• calculates the set of N-l functions h t , where h t is functionally equivalent to 

Pv-*°P2i-2> fox 2<i<N. 
5 The permutations may be selected (e.g. randomly or pseudo-randomly) chosen from a very 
large set of permutations that may be stored in a (preferably secure) storage (not shown). The 
server may also use a suitable program to generate the permutations. It is well-known how to 
create invertible permutations and this will not be described here any further. 

Additionally, the server includes means 614 for equipping the executing 
10 device with an execution device function cascade that includes y N oh N o y N ^ o _ x °...°y l9 

where y L ,..., y N are the function parameters. The server may do this in any suitable form. For 

example, in a factory the terms hi may be stored in a storage module of the executing device 
during the manufacturing of the executing device 620. Fig.6 shows that the terms are 
downloaded through the Internet 630 directly to the executing device 620. The server 610 

15 also includes means 616 for providing the functions g l9 ... 9 g N to the executing device 620. 

The functions g i incorporate the respective functions f t . The functions f t may be chosen 

specifically for the digital signal input x . For example, each video title may be encrypted 
with a corresponding encryption function (e.g. using a same cipher but with a content specific 
key). To this end, the server 610 may also include the software for controlling the processor 
20 612 to encrypt the content 640 and supply the encrypted content 642 to a distribution 

medium, e.g. for distribution on a storage medium or through a communication medium like 
the Internet 

The executing device 620 includes means 626 for obtaining the functions 
g i ,--.,g N from the server 610. These means cooperate with the means 616 of the server and 

25 will not be described further. The executing device 620 further includes a processor 622. The 
processor may be of any suitable type, such as a processor known from personal computers 
or an embedded microcontroller. The processor 622 is operated under control of a program. 
The program may be permanently embedded in the processor 622 using an embedded 
storage, like embedded ROM, but may also be loaded from a background storage, such as a 

30 hard disk (not shown). Under control of the program, the processor 622 loads the execution 
device function cascade and applies the loaded execution device function cascade to the 
functions g l9 *~,g N9 for example by executing ED l (g i9 ..^g N ) . The resulting signal 
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processing function may then be applied to the signal input x (e.g. content received from a 
medium). The processor 622 may load the execution device function cascade in any suitable 
form. For example, the cascade may have been pre- stored during manufacturing in a storage, 
reducing the loading to a straightforward memory read access. In the example of Fig. 6, the 
5 executing device 620 includes means 624 for retrieving the cascade (or the terms of the 
cascade), for example, through the Internet 630 or from the medium 650. Similarly, the 
executing device 620 may retrieve encrypted content 652 from the medium 650, and decrypt 
this using the processor 622. The processor may also decode the decrypted content. 

Fig.7 shows a preferred embodiment wherein the execution device function 

10 cascade is provided to the executing device 620 embedded in a software program 710 for 
execution by the processor 622. Same numbers in Fig.7 refers to the same items as used in 
Fig.6. The software program 710 may be a plug- in for a program like a media player. Thus, 
the means 614 of Fig.7 may supply this plug- in 710 via the Internet (e.g. item 630 of Fig.7) 
or embed it directly into the executing device 620 during manufacturing. 

15 In an embodiment, the functions gi,.-.,g N are supplied to the executing 

device 620 in the form of a plug- in for the program 710. In the case where the program 710 is 
already a plug- in, the functions g t , . . . , g N are effectively a plug- in for a plug- in. 

Alternatively, the functions gi>*..,g N are provided to the executing device 620 by 

embedding the functions g i9 .-;g N in the software program 710 by applying the execution 

20 device function cascade to the function parameters g v . . ., g N . In this way, the program 710 

embeds both the functions h t and g s . 

In an embodiment, each executing device and/or user of the executing device 
is unique and identified by a unique identity (e.g., a unique number j). In the system and 
method according to the invention, it is ensured that the sequences g t and h t are unique for 
25 the involved party. This can be achieved by obtaining the unique identity j of the executing 
device and/or user of the executing device a respective set of 2N invertible permutations p { 

that is unique for the obtained identity. Similarly, using the same set of permutations, a 
unique sequence of the permutations may be chosen. Both techniques (choosing a different 
set of permutations or a different sequence of permutations) may be combined. Preferably, 
30 the server stores (in a secure way) the unique set/sequence for each unique identity. In this 
way, each software media player in a personal computer can be supplied with a unique plug- 
in for decrypting and/or decoding a media title. The medium it self need not be unique. The 
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encrypted content only depends on the encryption functions, not on the unique set/sequence 
of permutations. By regularly (e.g. at start- up of the media player) checking whether the 
software corresponds to the identity and only executing the software if a match can be 
established it can be ensured that no player software can be executed on a PC to which it does 
5 not belong. If inadvertently a hacker manages to obtain the device- specific permutations they 
can only be used on the involved PC, possible also for content protected with a different 
encryption (resulting in different functions f { ), but not on different platforms. 

Above a method and system have been described wherein a signal processing 
function cascade is supplied to executing devices in an obfuscated way. For each device the 

10 same set/sequence of permutations may be used or a device- specific set/sequence may be 
used. In the remainder an preferred approach is described for achieving a device- specific 
set/sequence by distributing the signal function cascade ('key') in an obfuscated way that is 
the same for each device and using a conversion routine (loader') that converts the common 
key to a device- specific key. The 'common key' is created in much the same way as 

15 described before. The common key can in principle 'unlock' a reference player or 

anonymous player that, however, in this embodiment is not executed by any actual executing 
device. As before, the method includes selecting a set of 2N invertible permutations p u where 

1 < / < 2 N and calculating a set of N functions g t , where g t is functionally equivalent to 

Pv ° fi°P2i-±> f° r l^i^N . Now additionally, the method includes selecting for each 
20 executing device, each identified by a unique index j 9 a corresponding set and/or sequence of 
2N invertible permutations p } i , that is unique for the device and/or a user of the device. This 

set is used to provide each device a unique 'player*. This unique player is formed by 
calculating for each executing device j a corresponding set of N- 1 functions h Jfi , where h j $ is 

functionally equivalent to ° f° r 2<i<N and equipping each executing device j 

25 with a respective execution device function cascade EDj ( y l . . , y that 

includes y N ° h jN o y N ^ o h j N _ x ° . . . o y t . This device- specific set h u , however, does not match 

the obfuscated function cascade, that can 'unlock' a reference player that uses set h t . This 

latter set/player set is not made available to any executing device. Instead, the executing 
device j is equipped with a respective loader function 

30 loader. (x l ,...,^) =(^ a ° x n or j,rf) > where is functionally equivalent to 

ptn ° Pit rj j is functionally equivalent to p 2i ^ 1 ° p jt2 i-i • As before, each executing device 
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is provided with the same functions g v . . , g N . The executing device then executes 
EDjiloaderj^ ,g„)) . In this formula loader ){g x ,g N ) effectively converts the 
anonymous key g x ^^,g N into a device- specific key that optimally matches the execution 
device function cascade ED j (%,..., y„) . Using the definition that 
5 loaderj(g l9 ... ,g„) = (g M ,g ja r",gj, N ),faei-ihcomponentof loader^ ,...,g„) is 
g = Z yi o gi o ^ . . Using the definitions given above, this gives 

Sjj = Pi ° Pta 0 Ihi°fi° Pii-i ° Pn-t 1 °Pj^i . can be ^written as = pj^ o /.o . 
This is the same as using a device- specific set/sequence of permutations, where the device- 
specific set hjj eliminates the permutations. 

10 The concept of using an anonymous obfuscated key and a device- specific 

loader is also illustrated in Fig.8. The anonymous player PtR 810 incorporates the functions 
hi. The anonymous player PtR can be unlocked by the corresponding key K-R 812 that 
includes the obfuscated signal processing functions f t in the form of the set g t . The 
anonymous player PtR is not disclosed to any party. Each party is instead provided with a 

15 unique, device- specific player, shown are players PH 830 and Pt2 840. The common key 
K-R is provided to all parties. However, this common key does not match the specific 
players. Therefore, each party is also provided with a device- specific key loader K-L, shown 
are 820 and 825. The loader 820, 825 is used to convert the anonymous key K-R 812 into a 
device- specific key K-j.. To this end, loader K-Li includes the functions l jti and r Jti . As is 

20 shown in Fig.8, in principle, a device- specific loader is used. As is further illustrated in Fig.9, 
in fact, the loader may be the same, but fed with the device- specific functions l j4 and r JS . In 

the example of Fig.9, being fed with/^. and r u converts the anonymous key K-R 812 into the 
device-specific key 832 for device 1 ; being fed witht^ and r 2 i converts the anonymous key 
812 into the key 842 for device 2. The device- specific players 830, 840 are then unlocked 
25 using the device- specific key sets ^ , 832 and 842, respectively. It will be appreciated that in 

these examples, the phrase 'key* and 'player' is interchangeable since two chains of functions 
intre-lock. The example of Fig.4 illustrates both chains as keys. In an analogous way, it could 
also be illustrated as two interlocking players. 

It will now be understood that the anonymous player 810 (incorporating #n,.., 
30 gi) may advantageously be provided to each executing device through broadcasting and/or 
distribution on a storage medium with a same content for each executing device, simply 
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because this player is the same for each device. Similarly, the digital signal input x to be 
processed by each executing device can be distributed through broadcasting and/or 
distribution on a storage medium with a same content for each executing device. The loader- 
specific aspects are preferably provided to executing device j through a 'one-to-one 
5 communication channel* and/or a storage medium with a device- specific content with at least 
one the following sets of corresponding functions: h Jt u ,or rj t u The 'one-to-one 
communication channel* may be achieved in any suitable way. Preferably, the server 
downloads the device-specific information via a secure link (e.g. SSL) using Internet 

As described above, the function / may be a decryption function based on a 
10 Feistel cipher network and each of the signal processing functions ft is a respective Feistel 
decryption round function. In such a case, each of the permutations pt is preferably a Feistel 
transformer where a function Q operating on a sequential pair <x, y> is a Feistel transformer 

if there exist invertible functions Q x and Q y and Q{(x>y)) = (Q x (x)> Q (y))' where 

(x) ®Q^ (y) = {x®y) and Q y (x) ®Q y (y) = Q y (x® y) . If these conditions are met, 

15 the functions fi can be optimally hidden. In practice, it can be shown that many such Feistel 
transformers exist, giving ample room for device- specific choices of permutations. The 
definition of the Feistel transformer is based on the insight that using the definitions given 

above a Feistel round f. ((l H ,lf w )) = ^i? M ,(L.^ © F(R^ 9 K ( ))) can be seen as 
f. =swapoinvolutary F , with the definitions swap(j(x 9 y)) = swap((y,x)) and 
20 involutary F ((jc, y)) = (x, y © F(x)) . It then holds that swap" 1 = swap and 
involutaryF = involutary F . 

It will be appreciated that the invention also extends to computer programs, 
particularly computer programs on or in a carrier, adapted for putting the invention into 

25 practice. The program may be in the form of source code, object code, a code intermediate 
source and object code such as partially compiled form, or in any other form suitable for use 
in the implementation of the method according to the invention. The carrier be any entity or 
device capable of carrying the program. For example, the carrier may include a storage 
medium, such as a ROM, for example a CD ROM or a semiconductor ROM, or a magnetic 

30 recording medium, for example a floppy disc or hard disk. Further the carrier may be a 

transmissible carrier such as an electrical or optical signal that may be conveyed via electrical 
or optical cable or by radio or other means. When the program is embodied in such a signal, 
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the carrier may be constituted by such cable or other device or means. Alternatively, the 
carrier may be an integrated circuit in which the program is embedded, the integrated circuit 
being adapted for performing, or for use in the performance of, the relevant method. 

It should be noted that the above-mentioned embodiments illustrate rather than 
limit the invention, and that those skilled in the art will be able to design many alternative 
embodiments without departing from the scope of the appended claims. In the claims, any 
reference signs placed between parentheses shall not be construed as limiting the claim. Use 
of the verb "comprise" and its conjugations does not exclude the presence of elements or 
steps other than those stated in a claim. The article "a" or "an" preceding an element does not 
exclude the presence of a plurality of such elements. The invention may be implemented by 
means of hardware comprising several distinct elements, and by means of a suitably 
programmed computer. In the device claim enumerating several means, several of these 
means may be embodied by one and the same item of hardware. The mere fact that certain 
measures are recited in mutually different dependent claims does not indicate that a 
combination of these measures cannot be used to advantage. 
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CLAIMS: 



1. A method of providing a digital signal processing function /to an executing 
device in an obfuscated form; the function/ including a function cascade including a plurality 
of signal processing functions/-, 1 < i < N , for processing a digital signal input x to yield a 
digital signal output (for example, FC X (x) = f N ° • • • o / (x) ), the method including: 

5 selecting a set of 2N invertible permutations pu 1 ^ i ^ 2N ; 

calculating a set of N functions g t , where g l is functionally equivalent to 

calculating a set of N- 1 functions ft, , where h t is functionally equivalent to 

10 equipping the executing device with an execution device function cascade that 

includes y N °h N oy N ^oh N _ l o^ 9 oy li where y l9 ...,y N are function 

parameters (for example, ED X (y x ,...,3^) = y N °h N oy N _ l oh N _ l o mm9 oy l ) 9 

providing the functions g l9 *~,g N to the executing device; and 
in the executing device, applying the execution device function cascade to the 
15 functions g i9 ..-,g N (for example, ED i (g l9 ... ,g N )) . 

2. A method of providing a digital signal processing function / as claimed in 
claim 1, wherein the execution device function cascade includes 

y n ° h * ° y at-1 ° K -i ° — ° y i ° a 1 

20 (for example, ED 2 (y t . . , y N ) m y N o h N o y N ^ o^o.^^o p" 1 ) . 

3. A method of providing a digital signal processing function / as claimed in 
claim 1, wherein the function cascade starts with a further signal processing function fo 
(for example, FC 2 (x) s f N o— o / o f 0 (x) ) and the execution device function cascade 

25 includes 

y N °h„oy„_ i oh N _ l o„.oy l oS l 
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(for example, ED 3 ()' 1 ,..,)' N )sy ]V oft tf0 y ff _ 1 oA Jv . 1 o...oy 1 o 1 S i ), where 5" t is functionally 

equivalent to pj" 1 o /„ . 

4. A method of providing a digital signal processing function / as claimed in 
5 claim 1, wherein the execution device function cascade includes 

PiN°yN°K 0 3Vi ° K-L ° — ° >i (for example 
ED 4 (y l ^.. t y N ) = p 2N °y N <> h N <> y w _ t o fc^ 0...0 ^ 

i 

5. A method of providing a digital signal processing function / as claimed in 
10 claim 1, wherein the function cascade ends with a further signal processing function f N+ i, 

(for example, FC 3 (x) = f N+l © f N o • . • o f x (#) ) and the execution device function cascade 
includes 

S 2 °y N °h N oy N ^oh N _ l o.^oy l 

(for example, ED 5 (y x 7 ... 9 y N )^S 2 oy N oh N o y N ^ o o . o y x ) , where 5 2 is functionaUy 
15 equivalent to f N4L o p 2N . 

6. A method of providing a digital signal processing function / as claimed in 
claim 1, including obtaining a unique identity of the executing device and/or user of the 
executing device; the set and/or sequence of 2N invertible permutations pt being unique for 

20 the obtained identity. 

7. A method as claimed in claim 1, wherein the step of equipping the executing 
device with the execution device function cascade includes providing the execution device 
function cascade embedded in a software program for execution by a processor in the 

25 executing device. 

8. A method as claimed in claim 7, wherein the step of providing the functions 
gi>--->gN t0 1:116 executing device includes providing the functions g i9 ... 9 g N in the form of 
a plug-in for the program. 

30 

9. A method as claimed in claim 7, wherein the step of providing the functions 
<?i to the executing device includes embedding the functions g l9 ...,g N in the 
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software program by applying the execution device function cascade to the function 
parameters g L ,.--,<?tf* 

10. A computer program product operative to cause a processor in an execution 

5 device to execute a digital signal processing function / including a function cascade including 
a plurality of signal processing functions /, , where 1 < i < N , for processing a digital signal 

input x to yield a digital signal output (for example, FQ ( x) s f N o . . • o f t (x) ), by: 

loading an execution device function cascade that 
includes y N °h N <>y N _ l oh^^ o...oy p where y l9 *..,y N are function parameters, 

10 loading a set of functions g i9 *~ 9 g N9 

applying the execution device function cascade to the set of functions 

g I »• • -5 g 

N ; where: 

g t is functionally equivalent to p£ o f f o p 2hA 9 for 1 < i < N ; 
h t is functionally equivalent to p£_ x ° for 2<i<N \ and 
15 Pi is an invertible permutation, for 1 < i < 2N . 

11. A system for providing a digital signal processing function / to an executing 
device in an obfuscated form; the system including a server (610) and an executing device 
(620); the function/ including a function cascade including a plurality of signal processing 

20 functions f t , 1 < i < N , f or processing a digital signal input x to yield a digital signal output 

(for example, FC L W^^o-o^ (x) ); 

the server including a processor (612) for, under control of a program: 
selecting a set of 2N invertible permutations pu l^i< 2N ; 

calculating a set of N functions g f9 where g x is functionally 
25 equivalent to p£ o f.o p 2hJL , for 1 < i < N ; and 

calculating a set of AT- 1 functions h t , where ^ is functionally 

equivalent to p^ o p 2i _ 2 , for 2£z£N; and 

means (614) for equipping the executing device with an execution 
device function cascade that includes y N o h N o y N ^ o h N _ t o . . . o y v , where y x . . , y N are 

30 function parameters (for example, ED l (y^.^y^^y/v 0 ^ 0 y N -± ° h N _ x o.-oyj, and 
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means (616) for providing the functions g l9 ... 9 g N to the executing 

device; and 

the executing device (620) including: 

means (626) for obtaining the functions g i , . . . , g N from the server; 

5 and 

a processor (622) for, under control of a program, loading the 
execution device function cascade and applying the loaded execution device function cascade 
to the functions g l . g„ (for example, ED i (g x . . , g N )) . 



10 12. An execution device (620) for use in the system as claimed in claim 1 1 ; the 

executing device including: 

means (626) for obtaining the functions g l9 ... 9 g N from the server; 

and 

a processor (622) for, under control of a program, applying the 
1 5 execution device function cascade to the functions g L ^ (for example, ED t (g i9 .^ 9 g N )) 
and applying the applied device function cascade to the digital signal input x. 

13. A method of providing a digital signal processing function /to a plurality of 

executing devices, each identified by a unique index j, in an obfuscated, ano nymous form; 
20 the function/ including a function cascade including a plurality of signal processing 

functions/, where 1= i =iV, for processing a digital signal input x to yield a digital signal 
output ( for example, FC t (x) m f N o • . . o f x ( x ) ), the method including: 

selecting a set of 2N invertible permutations pu where 1 < i < 2N ; 
calculating a set of N functions g { , where g t is functionally equivalent to 

25 P^-f i op 2 ^l<i<N\ 

selecting for each device j a corresponding set and/or sequence of 2N 
invertible permutations p Jti 9 that is unique for the device and/or a user of the device; 

calculating for each executing device j a corresponding set of N-l 
functions h Jti , where h ui is functionally equivalent to /?J^ M o p j2l _ 2 for 2 < i ^ N ; 
30 equipping each executing device j with a respective execution device function 

cascade EDj(y l9 ... 9 y N ) that includes y N oh JtN oy N ^ 
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equipping each executing device j with a respective loader function 
loader^ x N ) = o x t o r Jl9 .. m J, j N °x N o r jN ) , where l j4 is functionally equivalent to 

P^\2i ° ft i m d r^is functionally equivalent to p%i-\ l o p jai -i ; 

providing to the executing device the functions g i9 ... 9 g N ; and 
in the executing device, executing ED } (loader j (g t . . , g N )) . 



14. A method of providing a digital signal processing function /as claimed in 

claim 13, including providing g i9 ...,g N to each executing device through broadcasting 
and/or distribution on a storage medium with a same content for each executing device. 



15. A method of providing a digital signal processing function/ as claimed in 

claim 14, including also providing the digital signal input x to each executing device through 
broadcasting and/or distribution on a storage medium with a same content for each executing 
device. 



16. A method of providing a digital signal processing function/as claimed in 

claim 13, including providing to executing device j through a one-to-one communication 
channel and/or a storage medium with a device- specific content at least one the following 
sets of corresponding functions: h Jt u Ijj ,or r^. 



17. A method of providing a digital signal processing function /as claimed in 

claim 1 or 13, wherein the function / is a decryption function based on a Feistel cipher 
network and each of the signal processing functions /, is a respective Feistel decryption 

round function. 



18. A method of providing a digital signal processing function / as claimed in 

claim 17, wherein each of the permutations p t is a Feistel transformer where a function Q 

operating on a sequential pair <x, y> is a Feistel transformer if there exist invertible functions 

Q x and Q y and Q ({x, y)) = {Q x (x) , ^ ( y)) , where Q x (x) ®Q X (y)=Q x (x®y) and 

30 Q y (x)®Q y (y) = Q y {x®y) 
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19. A computer program product operative to cause a processor in an execution 

device/ to execute a digital signal processing function / including a function cascade 
including a plurality of signal processing functions /, , where 1 < i < N , f or processing a 

digital signal input x to yield a digital signal output (for example, FC X (x) = f N <> - . • o / (x) ), 

5 the method including: 

loading an execution device function cascade that is unique for the execution 

device and that includes y N oh J N °y N ^ ° ^ ° ... ©y x , where y L ,..., y N are function 
parameters, 

loading a loader function loader. a^) s (/^ o ^ o r J X ,...,/ i>Ar ° x N o r j N ) , 

10 loading a set of functions g i9 ... 9 g N i 

applying the loader function to the set of functions g i9 *-* 9 g N yielding a set of 
functions gj,N and applying the execution device function cascade to the set of 

functions gj,i,~.> gj t N, 
where: 

15 g t is functionally equivalent to p^] ° /, © /? 2 m > f° r 1 - * — ^ 5 

Pi is an invertible permutation, for l<i<N ; 



h hi is functionally equivalent to pj^f-i ° P/#_ 2 f° r 2<i<N; 
Ijj is functionally equivalent to j?^ 2 , o p 2i ; 

r y>/ is functionally equivalent to p 2i ^ 1 0 Py,2f-i > 
20 p y f are invertible permutations, for 1 < i < 2N , being unique for the device 

and/or a user of the device. 



20. A system for providing a digital signal processing function /to a plurality of 

executing devices, in an obfuscated, anonymous form; the system including a server and a 
25 plurality of executing devices, each identified by a unique index j; the function/ including a 
function cascade including a plurality of signal processing functions/, where 1 < i < N , for 
processing a digital signal input x to yield a digital signal output ( for example, 

the server including a processor for, under control of a program: 
30 selecting a set of 2N invertible permutations pu where 1 < i < 2N ; 
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calculating a set of N functions g n where g t is functionally 

equivalent to p^f ° f t ° p 2 /-t > f° r l^i^N; 

selecting for each device j a corresponding set and/or sequence of 2N 
invertible permutations p hi , that is unique for the device and/or a user of the device; 

5 calculating for each executing device j a corresponding set of N- 1 

functions h Jti , where h Jti is functionally equivalent to p'^y ° Pj#-2 for 2£i£N; 

equipping each executing device j with a respective execution device 
function cascade EDj(y l9 „. 9 y N ) that includes y N °h j N °y N ^ °h jN _ x ° ...oy x \ 

equipping each executing device j with a respective loader function 
10 loaderj^,..., x N ) = (Zy tl °x l or jl9 ... 9 l J N °x N ° r j H ) , where l J4 is functionally equivalent to 



25 



Pj% ° Pzi m & r jA s functionally equivalent to /> 2 *-i~ l ° Pjat-i > 

providing to the executing device the functions g N \ and 

each executing device j, 

means for obtaining the functions g N from the server, and 

15 a processor for, under control of a program: 

loading an execution device function cascade that is unique 
for the execution device and that includes y N °h jN o y N ^ o^_ l o...oy p where y L , . . . , y N are 

function parameters, 

loading a loader function 
20 loader^,..., x N ) o^or i(l /. w o^ or J N ) , 

applying the loader function to the set of functions gi,.. M gN 
yielding a set of functions g jX , . . . , g JN ; and 

applying the execution device function cascade to the set of 

functions g jtl ,-*-,g jtN 



21. An execution device for use in the system as claimed in claim 20; where the 

executing device is identified by a unique index j; and includes: 

means for obtaining the functions g y ^^,g N from the server; and 

a processor for, under control of a program: 
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loading an execution device function cascade that is unique for the 
execution device and that includes y N o h j N o y Nl o h jt Nmml ° . . . o y x , where y t , . . . , y N are 
function parameters, 

loading a loader function 
loader ^ =(/ ifl °^ 0 ^i'-^ 0 ^ 07 },")> 

applying the loader function to the set of functions g„ yielding 

a set of functions g jtl . . , g jtN ; and 

applying the execution device function cascade to the set of functions 

gj± 9**'l8j % N, 

where: 

g i is functionally equivalent to p^] ° /,© p 2hl , for 1 < * < iV ; 

is an invertible permutation, for l<i<N; 
h jwi is functionally equivalent to ° /^ ( -2 f° r 2<i<N ; 

is functionally equivalent to pj^, © p 2| ; 
r, , is functionally equivalent to p 2i -i~ l ° ^, 2 m 5 ^ 

Pjj are invertible permutations, for 1 < i < 2N , being unique for the device 
and/or a user of the device. 
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ABSTRACT: 



In a system 600, a server 610 provides a digital signal processing function /to 
an executing device 620 in an obfuscated form. The function/ includes a function cascade of 

signal processing functions f i9 l<i<N (e.g., FC X (x) = f N °'-°f l (x) ). 

The server includes a processor 612 for selecting a set of 2N invertible 

permutations pu 1 ^ i ^ 2N ; calculating a set of N functions g t , where g ( is functionally 

equivalent to p 2 ] ° f t ° P 2 *-i » f° r l^i^N; and calculating a set of AT- 1 functions h t , where 
is functionally equivalent to p 2 ]^ ° p 2i - 2 » f° r 2 ^ z < iV . The server includes means 614 for 
equipping the executing device with an execution device function cascade that 
includes y N o h N o y N ^ o o . . . o ^ , where y t ,. . . , y^ are function parameters 

(e.g., ED X (y x ,. . . , y N ) s y„ o ^ o y^ o o . . . o y l ) , and means 616 for providing the 

functions g v ,*..,g N to the executing device. 

The executing device includes means 626 for obtaining the functions 
g i9 .** 9 g N and a processor 622 for loading the execution device function cascade and 
applying the loaded execution device function cascade to the functions 

Fig. 6 
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